
Cyber Incident Victim: Ranil Wickremesinghe

Date: Aug 2015

Location: Sri Lanka

Summary

The official website of Sri Lankan Prime Minister Ranil Wickremesinghe's office was compromised by a hacktivist operating under the alias Dr.MwNs, who defaced the homepage with a message and played Islamic devotional music. The attacker, motivated by #ForSyria affiliations, demonstrated prior intrusions against Turkish websites and Bhutan Telecom Ltd., which provided access to Google Bhutan's domain. The breach disrupted normal operations of the government site, reflecting the hacker's pattern of targeting entities across multiple nations while promoting geopolitical causes through unauthorized access and digital vandalism.


Description

On August 5, 2015, the official website of Sri Lankan Prime Minister Ranil Wickremesinghe’s office (pmoffice.gov.lk) was compromised by a hacktivist operating under the alias Dr.MwNs. The attacker replaced the homepage with a defacement page displaying the message “Hacked by Dr.MwNs” and played Maher Zain’s Islamic devotional song “Thank You Allah” in the background. The breach rendered the government website inaccessible for normal operations, redirecting visitors to the hacker’s message and multimedia content. Zone-h.org, a platform tracking website defacements, recorded and mirrored the compromised site under reference ID 24670165. Analysis of the hacker’s social media footprint revealed public claims of responsibility via a since-deleted Twitter account (@DrMwNs), where they expressed alignment with the #ForSyria hacktivist movement. No data exfiltration or additional system compromises beyond the front-end defacement were documented in available records.

Historical Zone-h submissions linked to Dr.MwNs showed prior targeting of Turkish websites, with hundreds of Turkish domain defacements attributed to the same alias. The hacker’s Twitter activity further indicated a breach of Bhutan Telecom Ltd’s servers, which reportedly provided secondary access to Google’s Bhutanese domain infrastructure. Linguistic analysis of the attacker’s social media posts demonstrated fluency in Arabic, though no explicit organizational affiliations or geopolitical motives beyond #ForSyria advocacy were verifiable from source material. At the time of initial reporting, the Prime Minister’s Office website remained under the control of the attacker with no publicized restoration timeline or official response from Sri Lankan authorities. The incident marked a visible compromise of a high-level South Asian government digital asset, though functional impacts appeared limited to temporary service disruption and reputational exposure.
